Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits: 334571c9 by Markus Koschany at 2023-11-05T00:13:24+01:00 Remove memcached from dla-needed.txt - - - - - d66194c5 by Markus Koschany at 2023-11-05T00:14:38+01:00 Triage CVE-2023-46852,CVE-2023-46853,memcached as not affected for Buster The vulnerable code was introduced in later releases. See https://github.com/memcached/memcached/commit/d22b66483bce8843110795609386edc6ebf65b69 - - - - - a6dea465 by Markus Koschany at 2023-11-05T00:17:30+01:00 Claim netty in dla-needed.txt - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -1092,11 +1092,13 @@ CVE-2023-46853 (In Memcached before 1.6.22, an off-by-one error exists when proc - memcached 1.6.22-1 [bookworm] - memcached <no-dsa> (Minor issue) [bullseye] - memcached <no-dsa> (Minor issue) + [buster] - memcached <not-affected> (The vulnerable code was introduced later) NOTE: https://github.com/memcached/memcached/commit/6987918e9a3094ec4fc8976f01f769f624d790fa (1.6.22) CVE-2023-46852 (In Memcached before 1.6.22, a buffer overflow exists when processing m ...) - memcached 1.6.22-1 [bookworm] - memcached <no-dsa> (Minor issue) [bullseye] - memcached <no-dsa> (Minor issue) + [buster] - memcached <not-affected> (The vulnerable code was introduced later) NOTE: https://github.com/memcached/memcached/commit/76a6c363c18cfe7b6a1524ae64202ac9db330767 (1.6.22) CVE-2023-46604 (Apache ActiveMQ is vulnerable to Remote Code Execution.The vulnerabili ...) - activemq <unfixed> (bug #1054909) ===================================== data/dla-needed.txt ===================================== 
@@ -132,14 +132,11 @@ lwip mediawiki (guilhem) NOTE: 20231011: Added by Front-Desk (ta) -- -memcached (Markus Koschany) - NOTE: 20231029: Added by Front-Desk (gladk) --- mosquitto (Markus Koschany) NOTE: 20230924: Added by Front-Desk (apo) NOTE: 20231009: Waiting for upstream clarification how to proceed with open CVE. (apo) -- -netty +netty (Markus Koschany) NOTE: 20231104: Added by Front-Desk (lamby) NOTE: 20231104: For, at least, CVE-2023-44487. (lamby) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/10d0f985fa27b64648fbb9e89d112ba6386220cd...a6dea465fc1ab0e1751bff0880c481020624cd99
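Review bot: The two added `[buster] - memcached <not-affected> (The vulnerable code was introduced later)` lines in data/CVE/list carry no pointer to where the code was introduced; the introducing commit (https://github.com/memcached/memcached/commit/d22b66483bce8843110795609386edc6ebf65b69) appears only in the commit message of d66194c5. A NOTE line with that URL under each entry, next to the existing fix-commit NOTEs, would keep the justification in the tracker data itself. CVE-2023-46853 and CVE-2023-46852 reference different fix commits, so it is also worth confirming that this single commit introduces the affected code for both before both are marked not-affected.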
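Review bot: The removal of the `memcached (Markus Koschany)` entry in data/dla-needed.txt lands in 334571c9, one commit before the buster not-affected triage in d66194c5, so at 334571c9 the package is already off the work list while its data/CVE/list entries still have no buster status. Putting the triage first, or making both changes in one commit, would let each commit stand on its own when read in history.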